Security Basics mailing list archives
Re: Proxy & Firewall Implementation
From: "florian leibert" <flo () leibert de>
Date: Thu, 13 Jan 2005 19:12:06 +0100
John, you should place the services that need to be accessed from the outside inside a DeMilitarized Zone, because if someone gains access to one of the publicly available services, he would be already inside your network and could easily bypass your firewall to attack other systems. since it is usually easier to break into public services (mail, dns, http), the DMZ allows you to keep public / private services separated. the proxy should be protected by the firewall - of course you fw has to be properly secured. you should probably buy the O'Reilly - Firewalls, it explains the different flavours of firewalls and gives you a good overview. (if it's a small-mid size network, i would probably go for a packetfilter based on linux with something like portsentry...) -- Florian Leibert ----- Original Message ----- From: "John" <naverxp () yahoo com sg> To: <security-basics () securityfocus com> Sent: Thursday, January 13, 2005 2:04 AM Subject: Proxy & Firewall Implementation
Hi I'm a fresh graduate in System Administrator field. Recently, with much of luck, i was recommended to a company to implement a firewall system to their network infrastructure. I hope to pick some experience from this forum as to how people in here might consider different circumstances when placing their proxy server inside a protected network (behind the firwall) or before the firewall. Would i need two firewalls? (i'm considering the Cisco FW, and CyberGuard FW). During my research, i found a documentation written by a blackhat whom suggested to allocate DMZ most of my services (httpd, mail, etc) outside the internal network and make redundancies everynight. My 2nd question, why did he suggested that? why expose my services outside the network where my information are Live and exposed to the risk of being
compromised.
John
Current thread:
- Proxy & Firewall Implementation John (Jan 13)
- Re: Proxy & Firewall Implementation florian leibert (Jan 13)
- RE: Proxy & Firewall Implementation David Gillett (Jan 14)
- <Possible follow-ups>
- RE: Proxy & Firewall Implementation Conlan Adams (Jan 14)
- Re: Proxy & Firewall Implementation miguel . dilaj (Jan 14)